Acked-by: Gert Doering
"Seems to be all the same content, now spread to multiple files".
Your patch has been applied to the master branch.
commit f3ebfe9ef31c9d03a344aef41f54ab8a37f7e88f
Author: David Sommerseth
Date: Fri Jul 17 00:53:33 2020 +0200
doc/man: Split up and reorganize main
Acked-by: Gert Doering
I have not tested the actual docutils / openvpn.8 generation (Samuli will
complain loudly if tarball making doesn't work anymore, so that *will*
see testing). Generally it looks sane.
This condition looks a bit fishy, though...
+AM_CONDITIONAL([HAVE_PYDOCUTILS],
Am 15.07.20 um 16:34 schrieb Steffan Karger:
> Hi
>
> On 13-07-2020 11:46, Arne Schwabe wrote:
>> @@ -1100,7 +1100,7 @@ process_incoming_link_part1(struct context *c, struct
>> link_socket_info *lsi, boo
>> floated, _start))
>> {
>>
Acked-by: Gert Doering
I have not really "reviewed" this (this would require a full side-by-
side reading of old and new manpage, and nobody ever reads the
openvpn manpage from top to bottom...) - but I've skimmed through
it, and it made me laugh... :-) ("OpenVPN ... lightweight footprint").
Acked-by: Gert Doering
"And then all the new and huge file is gone again". I'd really like to
squash 01, 03 and 04 - no good to have 230k openvpn.rst file in our git
repo forever (even if compression helps) if we never actually need or
want it as "one single file". So make this "introduce
Acked-by: Gert Doering
New and not-yet-merged documentation from the --bind-dev patch.
Thanks.
Your patch has been applied to the master branch.
commit 8d0b1def830d20410b6648f615ad3ddb5c2797fa
Author: David Sommerseth
Date: Fri Jul 17 12:54:53 2020 +0200
doc/man: Documentation for
The return false/return true is the result of
running uncrustify.
Signed-off-by: Arne Schwabe
---
src/openvpn/multi.c | 24 +---
1 file changed, 9 insertions(+), 15 deletions(-)
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 97b7df16..1fdf6ce5 100644
---
Hi,
On Fri, Jul 17, 2020 at 12:04:30PM +0200, David Sommerseth wrote:
> On 17/07/2020 10:02, Gert Doering wrote:
> > Acked-by: Gert Doering
> >
> > I have not tested the actual docutils / openvpn.8 generation (Samuli will
> > complain loudly if tarball making doesn't work anymore, so that
(oops, sent this one too quickly - resending)
Acked-by: Gert Doering
I have seen these changes before (in the compression patch), they make
sense, so of course we want to have them in .rst as well.
Your patch has been applied to the master branch.
commit
Your patch has been applied to the master branch.
commit ed593e651db20446daa0e494d6018cb65c0efe22
Author: David Sommerseth
Date: Fri Jul 17 00:53:36 2020 +0200
doc/man: Adopt compression documentation
Signed-off-by: David Sommerseth
Acked-by: Gert Doering
Message-Id:
Hi,
On Fri, Jul 17, 2020 at 10:22:25AM +0200, Gert Doering wrote:
> Acked-by: Gert Doering
>
> "And then all the new and huge file is gone again". I'd really like to
> squash 01, 03 and 04 - no good to have 230k openvpn.rst file in our git
> repo forever (even if compression helps) if we
Acked-by: Gert Doering
"Because it's true!"
Your patch has been applied to the master branch.
commit 5c5544d42fbbd346034d05a38b5efe421ea1f911
Author: Richard Bonhomme
Date: Fri Jul 17 00:53:37 2020 +0200
doc/man: Update --txqueuelen default setting (Now OS default)
Signed-off-by:
On 17/07/2020 13:29, Arne Schwabe wrote:
> The return false/return true is the result of
> running uncrustify.
>
> Signed-off-by: Arne Schwabe
> ---
> src/openvpn/multi.c | 24 +---
> 1 file changed, 9 insertions(+), 15 deletions(-)
>
> diff --git a/src/openvpn/multi.c
Acked-by: Gert Doering
Your patch has been applied to the master branch.
commit ee6830c34818bf4dc30cf7f0959ea0c9246bab8d
Author: David Sommerseth
Date: Fri Jul 17 13:01:36 2020 +0200
doc/man: Add misssing renegotiation.rst to Makefile.am
Signed-off-by: David Sommerseth
Your patch has been applied to the master branch.
Tested on the test rig, stared-at-code by antonio, and commit-message-adjusted
by me :-) (a few "defferred" and integrating the new call convention)
commit dfb40edc4acae5f17b0062ecb13ad1fa760ed529
Author: Arne Schwabe
Date: Thu Jul 16 15:43:10
Acked-by: Gert Doering
"By general agreement".
Your patch has been applied to the master branch.
commit 850fd5fab76403bb1a8e21b8d4272b138ce19934
Author: David Sommerseth
Date: Fri Jul 17 00:53:35 2020 +0200
doc/man: Mark compression options as deprecated
Signed-off-by: David
On 17/07/2020 10:02, Gert Doering wrote:
> Acked-by: Gert Doering
>
> I have not tested the actual docutils / openvpn.8 generation (Samuli will
> complain loudly if tarball making doesn't work anymore, so that *will*
> see testing). Generally it looks sane.
>
> This condition looks a bit
Signed-off-by: Maximilian Wilhelm
Signed-off-by: David Sommerseth
---
v2 - Added missing entry into Makefile.am
---
doc/Makefile.am | 1 +
doc/man-sections/network-config.rst | 1 +
.../virtual-routing-and-forwarding.rst| 78
This file did not get added to Makefile.am by a mistake during the
man-page overhaul, and the issue this causes is not easily spotted.
If a consumer of a tarball (created with 'make dist' from the git
tree) tries runs 'make clean' and 'make dist' plus have
python-docutils installed from such a
Else one location overwrites options from the other.
Signed-off-by: Matthias Andree
---
Makefile.am | 3 ---
configure.ac | 6 +-
2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 439120e4..d1c10fc5 100644
--- a/Makefile.am
+++ b/Makefile.am
@@
Commit 037669f3dd already made occ being unconditionally on. This commit
only removes the #ifdefs
Signed-off-by: Arne Schwabe
---
src/openvpn/forward.c| 8
src/openvpn/init.c | 16 +---
src/openvpn/occ.c| 9 -
src/openvpn/occ.h| 3 ---
All supported crypto libraries have AEAD support and with our
ncp/de facto default cipher AES-256-GCM we do not want to support
the obscure corner case of a library with disabled AEAD.
Signed-off-by: Arne Schwabe
---
configure.ac | 7 ++-
src/openvpn/crypto.c | 11
The change in name signals that data-ciphers is the preferred way to
configure data channel (and not --cipher). The data prefix is chosen
to avoid ambiguity and make it distinct from tls-cipher for the TLS
ciphers.
Signed-off-by: Arne Schwabe
---
Changes.rst| 13
The NCP rework introduced a regression of sending a --cipher
command as part of the push message when the client does not
support NCP. This is is more a cosmetic issue since the client
will log that as warning in the log and ignore it.
Signed-off-by: Arne Schwabe
---
src/openvpn/push.c | 10
Key-method 1 is only needed to talk to pre OpenVPN 2.0 clients.
Patch V2: Fix style. Make V1 op codes illegal, remove all code handling
v1 op codes and give a good warning message if we encounter
them in the legal op codes pre-check.
Signed-off-by: Arne Schwabe
---
This allows us to skip waiting for the first PUSH_REQUEST message from
the client to send the response.
Signed-off-by: Arne Schwabe
---
src/openvpn/multi.c | 12 ++--
src/openvpn/ssl.c | 15 +--
src/openvpn/ssl.h | 7 +++
3 files changed, 30 insertions(+), 4
By default OpenSSL 1.1+ only allows signatures and ecdh/ecdhx from the
default list of X25519:secp256r1:X448:secp521r1:secp384r1. In
TLS1.3 key exchange is independent from the signature/key of the
certificates, so allowing all groups per default is not a sensible
choice anymore and instead a
This reworks the NCP logic to be more strict about what is
considered an acceptable result of an NCP negotiation. It also
us to finally drop BF-CBC support by default.
All new behaviour is currently limited to server/client
mode with pull enabled. P2p mode without pull does not change.
New
OpenSSL 1.0.1 was supported until 2016-12-31. Rhel6/Centos6 still
use this version but considering that RHEL7 and RHEL8 are already
out, these versions can also stay with OpenVPN 2.4.
All the supported Debian based distributions also come with at
least 1.0.2.
We (accidently) unconditionally
Right now t_net.sh depends on t_client.rc in order to source the
RUN_SUDO variable only.
However, t_client.rc is something that a few people only have configured
and thus this would result in t_net.sh almost never executed even if it
just could.
Drop dependency on t_client.rc by falling back to
Hi,
On Fri, Jul 17, 2020 at 02:05:50PM +, André via Openvpn-devel wrote:
> Regarding radius plugin:
> https://community.openvpn.net/openvpn/wiki/PluginOverview
> The source is here: https://www.nongnu.org/radiusplugin/
Thanks.
Is this the most well maintained version? I know that there
Signed-off-by: Matthias Andree
---
doc/Makefile.am | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/doc/Makefile.am b/doc/Makefile.am
index add92198..80cb2cb8 100644
--- a/doc/Makefile.am
+++ b/doc/Makefile.am
@@ -59,8 +59,9 @@ else
endif
if HAVE_PYDOCUTILS
Signed-off-by: Matthias Andree
---
Makefile.am | 1 -
configure.ac | 2 +-
2 files changed, 1 insertion(+), 2 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 439120e4..e4125447 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -25,7 +25,6 @@
# This option prevents autoreconf from
Your patch has been applied to the master branch.
Tested on the test rig, stared-at-code by antonio, and commit-message-adjusted
by me :-) (a few "defferred" and integrating the new call convention).
Pushed, then went out to write a plugin to excercise this a bit more... and
lo and behold,
Hi,
On 17/07/2020 15:47, Arne Schwabe wrote:
> This allows us to skip waiting for the first PUSH_REQUEST message from
> the client to send the response.
>
> Signed-off-by: Arne Schwabe
> ---
> src/openvpn/multi.c | 12 ++--
> src/openvpn/ssl.c | 15 +--
>
On 16/07/2020 15:43, Arne Schwabe wrote:
> From: Fabian Knittel
>
> This patch introduces the concept of a return value file for the
> client-connect
> handlers. (This is very similar to the auth value file used during deferred
> authentication.) The file name is stored in the
On 17/07/2020 17:05, Matthias Andree wrote:
> Signed-off-by: Matthias Andree
> ---
> doc/Makefile.am | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/doc/Makefile.am b/doc/Makefile.am
> index add92198..80cb2cb8 100644
> --- a/doc/Makefile.am
> +++ b/doc/Makefile.am
Hi,
Regarding radius plugin:
https://community.openvpn.net/openvpn/wiki/PluginOverview
The source is here: https://www.nongnu.org/radiusplugin/
Edited Wiki page.
W.k.r
Pippin
Sent with ProtonMail Secure Email.
___
Openvpn-devel mailing list
On 17/07/2020 17:05, Matthias Andree wrote:
> diff --git a/Makefile.am b/Makefile.am
> index 439120e4..e4125447 100644
> --- a/Makefile.am
> +++ b/Makefile.am
> @@ -25,7 +25,6 @@
>
> # This option prevents autoreconf from overriding our COPYING and
> # INSTALL targets:
> -AUTOMAKE_OPTIONS =
On 17/07/2020 17:36, David Sommerseth wrote:
> On 17/07/2020 17:05, Matthias Andree wrote:
>> Signed-off-by: Matthias Andree
>> ---
>> doc/Makefile.am | 5 +++--
>> 1 file changed, 3 insertions(+), 2 deletions(-)
>>
>> diff --git a/doc/Makefile.am b/doc/Makefile.am
>> index add92198..80cb2cb8
The --no-replay feature is considered to be a security weakness, which
was also highlighed during the OpenVPN 2.4 security audit [0]. This
option was added to the DeprecatedOptions[1] list and has been reported
as deprecated since OpenVPN 2.4.
Now we remove it.
URL: [0]
copy first, then round up the length when adding padding
to the advance.
Found by: GCC 9.3.0 (FreeBSD)
Signed-off-by: Matthias Andree
---
src/openvpn/route.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index b57da5dd..7f760e9d
Else one location overwrites options from the other.
Signed-off-by: Matthias Andree
---
Makefile.am | 3 ---
configure.ac | 4 +++-
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/Makefile.am b/Makefile.am
index 439120e4..d1c10fc5 100644
--- a/Makefile.am
+++ b/Makefile.am
@@
With the conversion of the introduction of a bool variable to signal
when a certain string is a filename or the actual (inline'd) key
material, the SHOW_STR() macro is now leaking the inline'd material to
the log file.
This happens because SHOW_STR will just print the content of the passed
Your patch has been applied to the master branch.
commit 83d6da5097f79c698500f638ee3c54309b982e03
Author: Matthias Andree
Date: Fri Jul 17 19:19:18 2020 +0200
Merge Makefile.am's AUTOMAKE_OPTIONS into configure.ac's AM_INIT_AUTOMAKE.
Signed-off-by: Matthias Andree
Acked-by:
Am 17.07.20 um 17:05 schrieb Matthias Andree:
> Signed-off-by: Matthias Andree
> ---
> Makefile.am | 1 -
> configure.ac | 2 +-
> 2 files changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/Makefile.am b/Makefile.am
> index 439120e4..e4125447 100644
> --- a/Makefile.am
> +++ b/Makefile.am
Am 17.07.20 um 17:05 schrieb Matthias Andree:
> Signed-off-by: Matthias Andree
> ---
> doc/Makefile.am | 5 +++--
> 1 file changed, 3 insertions(+), 2 deletions(-)
>
> diff --git a/doc/Makefile.am b/doc/Makefile.am
> index add92198..80cb2cb8 100644
> --- a/doc/Makefile.am
> +++ b/doc/Makefile.am
Hi,
On Fri, Jul 17, 2020 at 09:08:01PM +0200, Gert Doering wrote:
> This is a new "samples" plugin which does not do many useful things,
> besides
> - show how a plugin is programmed
> - how the various messages get dispatched
> - how to pass back information from a client-connect/v2 plugin
>
Am 17.07.20 um 22:15 schrieb David Sommerseth:
> On 17/07/2020 19:19, Matthias Andree wrote:
>> Else one location overwrites options from the other.
>>
>> Signed-off-by: Matthias Andree
>> ---
>> Makefile.am | 3 ---
>> configure.ac | 4 +++-
>> 2 files changed, 3 insertions(+), 4 deletions(-)
copy first, then round up the length when adding padding
to the advance.
Found by: GCC 9.3.0 (FreeBSD)
Signed-off-by: Matthias Andree
---
src/openvpn/route.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index b57da5dd..24563ed6
This finializes the depreacation started in OpenVPN 2.4, where --no-iv
was made into a NOOP option.
Signed-off-by: David Sommerseth
---
Changes.rst | 3 +++
doc/man-sections/server-options.rst | 2 +-
doc/man-sections/unsupported-options.rst | 2 +-
On 17/07/2020 19:19, Matthias Andree wrote:
> Else one location overwrites options from the other.
>
> Signed-off-by: Matthias Andree
> ---
> Makefile.am | 3 ---
> configure.ac | 4 +++-
> 2 files changed, 3 insertions(+), 4 deletions(-)
>
> diff --git a/Makefile.am b/Makefile.am
> index
Am 17.07.20 um 19:09 schrieb Matthias Andree:
> @@ -3727,6 +3727,7 @@ get_default_gateway_ipv6(struct route_ipv6_gateway_info
> *rgi6,
> msg(M_WARN, "GDG6: socket #1 failed");
> goto done;
> }
> +errno = 0;
> if (write(sockfd, (char *)_rtmsg, l) < 0)
> {
>
Am 17.07.20 um 19:09 schrieb Matthias Andree:
> +LT_INIT()
> +
This guy escaped, so NAK on the first version of the patch.
___
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
This is a new "samples" plugin which does not do many useful things,
besides
- show how a plugin is programmed
- how the various messages get dispatched
- how to pass back information from a client-connect/v2 plugin
- how to do async-cc plugins [not yet implemented]
the operation of the
55 matches
Mail list logo